229 matches found

OSV
added 2026/03/30 4:34 p.m. | 0 views

GHSA-M468-XCM6-FXG4 nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse

Summary: The nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms (Mutex) and non-atomic file writes, concurrent requests lead to the severe corruption of the primary configuration file app.ini. This vulnerability results in a persistent...

CVSS 7.1 | AI score 6.3 | EPSS 0.00092
Exploits: 1 | References: 4

Github Security Blog
added 2026/03/30 4:34 p.m. | 3 views

nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service Collapse

Summary: The nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms (Mutex) and non-atomic file writes, concurrent requests lead to the severe corruption of the primary configuration file app.ini. This vulnerability results in a persistent...

CVSS 7.5 | AI score 6.3 | EPSS 0.00092
Exploits: 1 | References: 4 | Affected Software: 2

OSV
added 2026/03/30 4:23 p.m. | 2 views

GHSA-FHH2-GG7W-GWPQ nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Summary: The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. Details: The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the clie...

CVSS 9.4 | AI score 6.3 | EPSS 0.0002
Exploits: 0 | References: 5

Github Security Blog
added 2026/03/30 4:23 p.m. | 11 views

nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Summary: The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. Details: The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the clie...

CVSS 9.4 | AI score 6.3 | EPSS 0.0002
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2026/03/30 12:00 a.m. | 3 views

Nginx UI Security Vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of URL-encoded traversal sequences, which could allow authenticated users to delete the entire /etc/nginx director...

CVSS 6.9 | AI score 5.8 | EPSS 0.00079
Exploits: 1 | References: 3

CNNVD
added 2026/03/30 12:00 a.m. | 4 views

Nginx UI Security Vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI 2.3.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MCP integration, where the /mcmessage endpoint only applied an IP white list, and the default white list was empty. This...

CVSS 9.8 | AI score 6 | EPSS 0.1374
Exploits: 4 | References: 2

Positive Technologies
added 2026/03/30 12:00 a.m. | 2 views

PT-2026-29088

Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.4. Description: Nginx UI improperly handles URL-encoded traversal sequences in its configuration, potentially leading to a partial Denial of Service. Specifically, specially crafted paths can cause the backend to...

CVSS 7.5 | AI score 6 | EPSS 0.1374
Exploits: 10 | References: 46

Positive Technologies
added 2026/03/30 12:00 a.m. | 3 views

PT-2026-29089

Name of the Vulnerable Software and Affected Versions: Nginx UI versions prior to 2.3.4. Description: Nginx UI is susceptible to a race condition due to the absence of synchronization mechanisms and non-atomic file writes. Concurrent requests can severely corrupt the primary configuration file...

CVSS 7.5 | AI score 6 | EPSS 0.26577
Exploits: 12 | References: 45

CNNVD
added 2026/03/30 12:00 a.m. | 3 views

Nginx UI Security Vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained security vulnerabilities. These vulnerabilities stemmed from the backup and restoration mechanism, which allowed attackers to tamper with encrypted backup archives and inject malicious...

CVSS 9.4 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 3

CNNVD
added 2026/03/30 12:00 a.m. | 5 views

Nginx UI Input Validation Error Vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained a vulnerability related to input validation. This vulnerability stemmed from issues with input validation in the logrotate configuration. It allowed authenticated users to cause the web interfa...

CVSS 6.9 | AI score 5.8 | EPSS 0.0008
Exploits: 1 | References: 3

GitLab Advisory Database
added 2026/03/30 12:00 a.m. | 8 views

nginx-ui Backup Restore Allows Tampering with Encrypted Backups

The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration...

CVSS 9.4 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 6 | Affected Software: 1

Circl
added 2026/03/28 3:20 a.m. | 5 views

CVE-2026-33029

creationtimestamp | type | source
---|---|---
2026-03-28 03:20:34+00:00 | published-proof-of-concept | https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-cp8r-8jvw-v3qg...

CVSS 6.9 | AI score 5.8 | EPSS 0.0008
Exploits: 1 | References: 1

Circl
added 2026/03/28 3:19 a.m. | 3 views

CVE-2026-33027

creationtimestamp | type | source
---|---|---
2026-03-28 03:19:28+00:00 | published-proof-of-concept | https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-m8p8-53vf-8357...

CVSS 6.9 | AI score 5.8 | EPSS 0.00079
Exploits: 1 | References: 1

GithubExploit
added 2026/03/14 2:43 a.m. | 144 views

Exploit for Missing Encryption of Sensitive Data in Nginxui Nginx_Ui

CVE-2026-27944 PoC Description CVE-2026-27944 is an identi...

CVSS 9.8 | AI score 5.8 | EPSS 0.07313
Exploits: 12

Packet Storm
added 2026/03/11 12:00 a.m. | 179 views

📄 Nginx UI 2.3.3 Unauthenticated Backup Disclosure / Decryption

This Python proof‑of‑concept demonstrates an unauthenticated information disclosure vulnerability in Nginx UI tracked as CVE-2026-27944. The vulnerability allows a remote attacker to access the /api/backup endpoint without authentication and retrieve a backup archive of the server configuration...

CVSS 9.8 | AI score 5.8 | EPSS 0.07313
Exploits: 12

Packet Storm
added 2026/03/11 12:00 a.m. | 164 views

📄 Nginx UI 2.3.3 Backup Decryption Mass Scanner

This Python tool is a multi‑threaded scanner and exploitation utility designed to identify and validate the vulnerability CVE-2026-27944 affecting Nginx UI versions 2.3.2 and below. The script supports scanning single hosts, CIDR ranges, or target lists, and checks multiple common web service...

CVSS 9.8 | AI score 5.8 | EPSS 0.07313
Exploits: 12

GithubExploit
added 2026/03/10 3:14 p.m. | 185 views

Exploit for CVE-2026-27944

Nginx UI Discovery Scanner - CVE-2026-27944 Version Detector ht...

CVSS 9.8 | AI score 5.9 | EPSS 0.07313
Exploits: 12

RedhatCVE
added 2026/03/06 7:45 p.m. | 4 views

CVE-2026-27944

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVSS 9.8 | AI score 5.7 | EPSS 0.07313
Exploits: 12 | References: 1

Github Security Blog
added 2026/03/05 6:26 p.m. | 17 views

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure

Summary: The /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data user credentials,...

CVSS 9.8 | AI score 6 | EPSS 0.07313
Exploits: 12 | References: 6 | Affected Software: 1

Vulnrichment
added 2026/03/05 4:28 p.m. | 2 views

CVE-2026-27944 Nginx UI: Unauthenticated Backup Download with Encryption Key Disclosure

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to...

CVSS 9.8 | AI score 5.7 | EPSS 0.07313
Exploits: 12 | References: 1